Overview

overview

10

Static

static

10

3b74ff7743...5b.dll

windows7-x64

10

3b74ff7743...5b.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2023 14:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b74ff7743462e7e3b06c264ffa62d240c1d72e8adff87efc83982470ce8275b.dll

  • Size

    1.3MB

  • MD5

    0cc6ac49f57dd3c843c2b3a9087678b9

  • SHA1

    679fad3562961cdcd841f8a5474a4a2eaab3f504

  • SHA256

    3b74ff7743462e7e3b06c264ffa62d240c1d72e8adff87efc83982470ce8275b

  • SHA512

    37a8eb33fe55cdae4d6ce71ec613b4e2c386afde767be84ee5a1d6740e124e4480cf58b751d88ab0d9fc6d9fd76bddb04aa3242a927e91627bbf7c95554d9f38

  • SSDEEP

    24576:pcF24kalewp+N/U1s4LHu1zG6T63YAkI48TMdzf:Kv251K6W3J5Tq

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.254.144.209:443

23.254.227.74:443

192.255.166.212:443
Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 1 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b74ff7743462e7e3b06c264ffa62d240c1d72e8adff87efc83982470ce8275b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4772
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b74ff7743462e7e3b06c264ffa62d240c1d72e8adff87efc83982470ce8275b.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/644-0-0x0000000000400000-0x0000000000561000-memory.dmp
    Filesize

    1.4MB

    Download